Debian

Available patches from Ubuntu

To see Ubuntu differences wrt. to Debian, write down a grep-dctrl query identifying the packages you're interested in:
grep-dctrl -n -sPackage Sources.Debian
(e.g. -FPackage linux-ntfs or linux-ntfs)

Modified packages are listed below:

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: efitools

efitools (1.8.1-0ubuntu2) cosmic; urgency=medium * No-change rebuild against gnu-efi 3.0.8. -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Wed, 29 Aug 2018 16:24:45 -0400 efitools (1.8.1-0ubuntu1) cosmic; urgency=medium * New upstream release: 1.8.1 -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Mon, 04 Jun 2018 20:12:08 -0400 efitools (1.4.2+git20140118-0ubuntu2) bionic; urgency=high * No change rebuild against openssl1.1. -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 07 Feb 2018 11:35:23 +0000 efitools (1.4.2+git20140118-0ubuntu1) trusty; urgency=low * Initial release into Ubuntu. - Feature Freeze Exception: LP #1299594. -- Jonathan Davies <jonathan.davies@canonical.com> Sat, 29 Mar 2014 18:55:36 +0000

Modifications :
  1. Download patch debian/rules

    --- 1.8.1-1/debian/rules 2018-06-01 09:10:50.000000000 +0000 +++ 1.8.1-0ubuntu2/debian/rules 2014-03-29 19:04:19.000000000 +0000 @@ -1,11 +1,4 @@ #!/usr/bin/make -f -# -*- makefile -*- - -# Uncomment this to turn on verbose mode. -export DH_VERBOSE=1 - -override_dh_auto_install: - dh_auto_install -- EFIDIR="debian/efitools/usr/lib/efitools/${DEB_TARGET_MULTIARCH}" %: - dh $@ + dh $@
  2. Download patch debian/patches/makefile-enable-harden-local-files.patch

    --- 1.8.1-1/debian/patches/makefile-enable-harden-local-files.patch 2018-06-01 09:10:50.000000000 +0000 +++ 1.8.1-0ubuntu2/debian/patches/makefile-enable-harden-local-files.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,53 +0,0 @@ ---- a/Makefile -+++ b/Makefile -@@ -21,6 +21,9 @@ - KEYBLACKLISTAUTH = $(ALLKEYS:=-blacklist.auth) - KEYHASHBLACKLISTAUTH = $(ALLKEYS:=-hash-blacklist.auth) - -+OLD_CFLAGS:=$(CFLAGS) -+OLD_LDFLAGS:=$(LDFLAGS) -+ - export TOPDIR := $(shell pwd)/ - - include Make.rules -@@ -88,31 +91,31 @@ - ShimReplace.so: lib/lib-efi.a - - cert-to-efi-sig-list: cert-to-efi-sig-list.o lib/lib.a -- $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a -+ $(CC) $(ARCH3264) -o $@ $< $(OLD_CFLAGS) $(OLD_LDFLAGS) -lcrypto lib/lib.a - - sig-list-to-certs: sig-list-to-certs.o lib/lib.a -- $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a -+ $(CC) $(ARCH3264) -o $@ $< $(OLD_CFLAGS) $(OLD_LDFLAGS) -lcrypto lib/lib.a - - sign-efi-sig-list: sign-efi-sig-list.o lib/lib.a -- $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a -+ $(CC) $(ARCH3264) -o $@ $< $(OLD_CFLAGS) $(OLD_LDFLAGS) -lcrypto lib/lib.a - - hash-to-efi-sig-list: hash-to-efi-sig-list.o lib/lib.a -- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -+ $(CC) $(ARCH3264) -o $@ $< $(OLD_CFLAGS) $(OLD_LDFLAGS) lib/lib.a - - cert-to-efi-hash-list: cert-to-efi-hash-list.o lib/lib.a -- $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a -+ $(CC) $(ARCH3264) -o $@ $< $(OLD_CFLAGS) $(OLD_LDFLAGS) -lcrypto lib/lib.a - - efi-keytool: efi-keytool.o lib/lib.a -- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -+ $(CC) $(ARCH3264) -o $@ $< $(OLD_CFLAGS) $(OLD_LDFLAGS) lib/lib.a - - efi-readvar: efi-readvar.o lib/lib.a -- $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a -+ $(CC) $(ARCH3264) -o $@ $< $(OLD_CFLAGS) $(OLD_LDFLAGS) -lcrypto lib/lib.a - - efi-updatevar: efi-updatevar.o lib/lib.a -- $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a -+ $(CC) $(ARCH3264) -o $@ $< $(OLD_CFLAGS) $(OLD_LDFLAGS) -lcrypto lib/lib.a - - flash-var: flash-var.o lib/lib.a -- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -+ $(CC) $(ARCH3264) -o $@ $< $(OLD_CFLAGS) $(OLD_LDFLAGS) lib/lib.a - - clean: - rm -f PK.* KEK.* DB.* $(EFIFILES) $(EFISIGNED) $(BINARIES) *.o *.so
  3. Download patch debian/control

    --- 1.8.1-1/debian/control 2018-06-01 09:10:50.000000000 +0000 +++ 1.8.1-0ubuntu2/debian/control 2014-03-29 20:00:10.000000000 +0000 @@ -1,25 +1,14 @@ Source: efitools -Section: admin +Section: utils Priority: optional -Maintainer: Debian UEFI Maintainers <debian-efi@lists.debian.org> -Uploaders: Arnaud Rebillout <arnaud.rebillout@collabora.com> -Build-Depends: debhelper (>= 9.0.0), - libfile-slurp-perl, - help2man, - libssl-dev, - openssl, - gnu-efi, - sbsigntool -Standards-Version: 3.9.8 -Homepage: http://blog.hansenpartnership.com/uefi-secure-boot/ -Vcs-Git: https://salsa.debian.org/efi-team/efitools.git -Vcs-Browser: https://salsa.debian.org/efi-team/efitools +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +Standards-Version: 3.9.5 +Build-Depends: debhelper (>= 9), gnu-efi, help2man, libfile-slurp-perl, + libssl-dev, openssl, sbsigntool Package: efitools Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, sbsigntool -Description: Tools to manipulate EFI secure boot keys and signatures - This package installs a variety of tools for manipulating keys and binary - signatures on UEFI secure boot platforms. - The tools provide access to the keys and certificates stored in the - secure variables of the UEFI firmware, usually in the NVRAM area. +Depends: ${shlibs:Depends}, ${misc:Depends}, sbsigntool, openssl, parted, + dosfstools, mtools +Description: useful tools for manipulating UEFI secure boot platforms + The package provides useful tools for manipulating UEFI secure boot platforms.
  4. Download patch debian/patches/series

    --- 1.8.1-1/debian/patches/series 2018-06-01 09:10:50.000000000 +0000 +++ 1.8.1-0ubuntu2/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -makefile-enable-harden-local-files.patch
  5. Download patch debian/docs

    --- 1.8.1-1/debian/docs 2018-06-01 09:10:50.000000000 +0000 +++ 1.8.1-0ubuntu2/debian/docs 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -README
  6. Download patch debian/gbp.conf

    --- 1.8.1-1/debian/gbp.conf 2018-06-01 09:10:50.000000000 +0000 +++ 1.8.1-0ubuntu2/debian/gbp.conf 1970-01-01 00:00:00.000000000 +0000 @@ -1,3 +0,0 @@ -[DEFAULT] -debian-branch = debian -upstream-tag = v%(version)s
  7. Download patch debian/README.debian

    --- 1.8.1-1/debian/README.debian 2018-06-01 09:10:50.000000000 +0000 +++ 1.8.1-0ubuntu2/debian/README.debian 1970-01-01 00:00:00.000000000 +0000 @@ -1,52 +0,0 @@ -Efitools -======== - -The Efitools packages contains two sets of utilities for UEFI Secure Boot: - -- the host files -- the UEFI executables - -Both allow manipulating UEFI variables, so using only one kind of tools should be enough. - -Before modifying the variables, the bootloader must be signed using a valid certificate. -The certificate, PK and KEK keys, db and dbx files must be prepared using the 'sbsigntool' package. - -Note that backups of all modified files are *strongly* recommended. - -For a complete example/walkthrough, see http://www.rodsbooks.com/efi-bootloaders/controlling-sb.html. - -Important note --------------- - -Be careful when modifying or removing UEFI variables! Removing or altering critical variables may brick -your system! - -Usually, this does *not* include PK, KEK or Secure Boot variables: as long as you can boot and go -to the firmware menu, Secure Boot can be reset to its factory state. - -Host files ----------- - -These files require the 'efivars' filesystem to be mounted. - -See http://blog.hansenpartnership.com/efitools-1-4-with-linux-key-manipulation-utilities-released/ -for some help and examples. - -UEFI files ----------- - -UEFI files are located in the `/usr/lib/efitools/${ARCH}` directory. - -These files should be copied on a bootable USB key for UEFI. They should be used within the Tianocore UEFI -Shell (version 1 and 2 should work). - -From the UEFI shell, run KeyTool.efi to view/edit keys. - -Security --------- - -The Firmware (BIOS) should be password-protected, or Secure Boot could be disabled from the menus. - -Protect your private keys (ideally, on an offline host). - -Use keys with a minimum size of 2048 bits.
  8. Download patch debian/copyright
  1. efitools